Enable self-healing endpoint security with Application Persistence

In this podcast recorded at RSA Conference 2017, Richard Henderson, Global Security Strategist at Absolute Software, and Todd Wakerley, SVP of Product Development at Absolute Software, talk about Application Persistence.

Todd Wakerley: And I’m Todd Wakerley. I’m the SVP of Product Development at Absolute Software. And today we’re here to talk about Absolute Persistence and the Absolute offer.

Richard Henderson: Absolute is headquartered in Vancouver, British Columbia. We’ve been on a very long time. You’ve probably heard of some of our products. And if you haven’t, why don’t you go take a look at absolute.com and try and get a better understanding of what we do at Absolute? But what I can tell you is that our Persistence product is our patented firmware level technology that OEMs and ISVs trust and have trusted for a long time to help protect their products and our customers.

Todd Wakerley: Day in and day out, over 20 manufacturers ship Persistence in the firmware today, as they ship those laptops, mobile devices, tablets. I think one of the big things that we’ve just recently released is Application Persistence. Application Persistence is, really, an expansion of our Persistence technology. We’ve been using Persistence for the last 20 years to guarantee visibility on devices that are protected by Absolute. And this week we’ve really announced the expansion of that capability to extend Persistence through our data and device security product to other vendors.

Richard Henderson: The best way to explain Application Persistence to people listening is quite simply enterprises and other customers have a core set of applications that they care the most about, whether there it be a VPN client, a piece of AV software, endpoint protection suite, BitLocker, you name it; or even internally developed applications.

These applications are critical to the success of a business. And they must have virtually 100% uptime. They have to always be on, always be available, resilient, untampered with. Application Persistence gives companies the ability to ensure that those applications that they care the most about remain in a known and good state, regardless of anything that could happen on the endpoint.

So, for example, there’s lots of malware there today. The first thing it does when it executes, tries and disable the AV client on the endpoint. Application Persistence, through our Persistence technology, allows you to ensure that if something were to happen to that – we’ll just use the AV as an example – AV product, the firmware with the agent on the firmware and the agent on the OS knows that something has happened to that client and will then go grab a known good copy and put it back. Then it will alert your SIEM or your security team, and they can take the time to go take a look at things.

Todd Wakerley: In many cases, it’s not necessarily just a piece of malware, but it just could be ignorance or somebody doing a routine system restore. IT administrators are just trying to get people productive, and they’re not necessarily spending the time to make sure all of these things are functioning on the box.

I was just talking to a customer of ours yesterday. Their number one reason for buying the product was so that they can ensure compliance on encryption. They’re in a highly regulated industry, and what they’ve discovered is they had one laptop theft or loss a year ago, and the last known communication that they received from the encryption software was that it was encrypting it. And the lawyers question limits. ‘Well, how do you know when you’ve encrypted everything?’ With our software and with our expansion into third party systems, we can actually guarantee that we can give those auditors the information they need, the results that they need, and give the company, really, the assurance that the software is functioning correctly.

Richard Henderson: I think along those lines CISOs today, they spend most of their time quantifying risk. That’s what they do. And through Application Persistence and the Absolute Persistence platform, we give CISOs a very simple way to attach a quantifiable to that risk when it comes to the applications on their endpoints. And I think that’s a homerun for CISOs. If we can virtually guarantee that these applications are never going to leave the device, regardless of whether it is malware or compliance need or a malicious insider, or a privileged account. Look, we all know there’s plenty of people in environments who want to do things their own way, and they’ll find ways around the controls you put on the endpoints. But that’s a story as old as time when it comes to technology. There’s always people who want to just tweak things or do things that may violate your compliance or regulatory goals. So, we provide mobility for IT and security teams to ensure that those they care the most about don’t get tampered with or messed with in any way.

Todd Wakerley: And in the past, through our DDS technology, we’ve been able to at least inform the organizations that this happening. But with the introduction of Persistence, now it’s more than just inform – right? It’s report and repair of that product.

One of the other use cases that I hear all the time is that with all of these controls, they still don’t have full visibility to their enterprise. And that’s one thing that we do with Persistence technologies; that once it is activated, that laptop, that mobile phone or that tablet or that desktop will phone home, you will know its state. And that is huge for organizations, generally.

Richard Henderson: Well, you think about the implications for the mobile workforce and the telecommuters whose devices don’t exist inside your corporate walls. They still need to have visibility and understanding of what those devices are doing, regardless of whether they’re inside your typical perimeter network.

I mean, look, we live in a world now where there really isn’t a perimeter anymore. The perimeter is dead, the perimeter is long gone, there’s cloud, there’s mobile, there’s BYOD, there’s IoT we need to worry about. All those things make it very difficult for you to practice a very traditional perimeter-based security model. I don’t know many customers anymore who even consider that. Maybe the most strict desktop-only-based environments with no BYOD, virtually no wireless whatsoever, but those are the far exceptions now, not the rule anymore.

So for the mobile workforce, especially, it’s critical that CSOs and security teams need to know what those devices are doing at any one time. If your device… if your field sales team can be full of all sorts of confidential information; if that device gets stolen or, heaven forbid, sales guy or saleswoman decides they’re leaving the company and wants to take all that data with them to someone else, you need to know where that device is going to end up, and then have the ability to instantly or rapidly deploy technology or controls to be able to mitigate that insider breach.

Todd Wakerley: And I think that the controls that exist today are… Perfect example, we know that if a device is lost or stolen, it’s reported, we can quickly judge its security posture, we know if it’s encrypted, we know if it had sensitive information, we know which applications they had installed on it, we know who was using it, and we can quickly remediate it, we can freeze that device, we can initiate network access control for that device, we can lock that device. And that is a guaranteed lock. It is resilient to tampering. And that is, I think, a huge win for our customers.

Richard Henderson: I think that’s one of the reasons I joined the Absolute family, it’s that I really think this technology is unlike anything else I’ve ever seen in the business. And if you haven’t taken a look at it, you probably really should.

Todd Wakerley: And it’s in large part to our partnership with our OEMs and our ability to make sure we’re doing the right things from a firmware perspective to make sure that we can attest, and guarantee, and validate that for our customers.

Richard Henderson: So, Todd, tell me a little bit more about endpoint data protection and how our customers use that.

Todd Wakerley: Well, I think, Richard, you know that traditional DLP deployments are traditionally just brought with trouble and failure. I mean, today almost 80% of large scale DLP deployments result in either abandonment or simply in an inactive, kind of like a passive monitoring role. And we took a look at that, and we took a look at some technology that we acquired a few years ago that was network-based DLP. And we said, ‘What if we could extend that to the endpoint? What if could inspect the data that resides in the endpoint and start to allow organization simply to identify risk of data that exists on the device?’ That, combined with the security posture that we can collect through hardware and software inventory really provides a unique view for the organization.

You were talking earlier about determining the value of risk. And certainly, our ability to detect sensitive information, whether it’s PII data or credit card information, whatever it is, we can now give users an opportunity to prioritize their remediation strategy based on that.

Richard Henderson: It’s funny you say that, because some of our customers I’ve talked to, when they see some of the results of the amount of sensitive or possible at risk data that resides in their endpoints, it’s crazy. I mean, they have no idea the staggering amount of sensitive or potentially sensitive data that’s existing on these endpoints, because they have no visibility to where that data is moving to.

Todd Wakerley: Right. And if you put that in the context of what else is happening on a device – right? What else is the user doing on the device? What other software might they have on the device? We’ve been able to relate that to risk in the cloud. We’re not a CASB, we don’t claim to be the CASB, but we can tell you whether or not that user is putting that data in the cloud, in a place that is maybe not sanctioned. It is truly shadow IT. And we can detect, and we can at least alert the users for that, and help them remediate that activity.

Richard Henderson: I think in today’s really tight and getting tighter regulatory climate, especially when we thing about GDPR in the EU, those are going to be questions that companies and enterprises are going to need answers for. Where is this data going? Where is it residing? Where is it sitting at rest? I mean, think about the changes in laws in Germany for example, and all the data residency requirements in all sorts of places in Europe. The EU is not going to tolerate people messing around with EU citizens data. And if companies don’t have any idea as to where that data is moving inside their network ending up on those endpoints and places they probably shouldn’t end up, then they’re going to be held accountable for it.

Todd Wakerley: And we’re currently investigating technology that may even allow us to put a sonar on those files that are highly sensitive for the organizations. And when they check in, much like our devices, we can see where that data is drifting, and we can put controls on those.

For more information on self-healing endpoint security, download the following brochure from Absolute Software: